Update: Man Sues Ashley Madison for Tricking Him into Flirting with ‘Fembots’
November 3 – Former Ashley Madison member David Poyet is suing the dating site’s parent company Avid Life Media (ALM) for $5 million in damages, alleging it “went to extreme measures to fraudulently lure in and profit from customers,” according to the Consumerist. Poyet claims ALM created over 70,000 female bots to send male Ashley Madison users millions of fake messages, which the men were charged to respond to. This caused members to incur costs while believing it was an actual person communicating with them, according to the complaint.
Online Dating Website Hacked
Troves of sensitive data stolen from the Ashley Madison cheating site have been posted online by a hacker or group of hackers known as The Impact Team, who claims to have compromised the databases and financial records of Avid Life Media (ALM), the company that owns AshleyMadison.com and related hookup sites Cougar Life (CougarLife.com) and Established Men (EstablishedMen.com).
In addition to account data apparently taken at random from ALM’s 3 websites, The Impact Team posted leaked maps of internal company servers, employee account information, company bank account data and salary info. The events come less than 2 months after hackers leaked user data from millions of personal accounts from hookup site Adult Friend Finder (AdultFriendFinder.com).
Hacker Manifesto Exposes ‘Full Delete’ Scam
In a manifesto posted with the leaked data, The Impact Team said it hacked ALM in response to alleged lies the company told about a service it offered on AshleyMadison.com that allowed users to completely erase all their personal information for a $19 fee. According to the hackers, although the ‘full delete’ option promises “removal of site usage history and personally identifiable information from the site,” sensitive data — including users’ real name and address — aren’t actually erased from the system.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” The Impact Team wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
The hackers went on to demand that ALM immediately shut down Ashley Madison and Established Men. If their demands are not met, The Impact Team threatened to leak all customer records “including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”
Who’s Behind the Leaks?
ALM Chief Executive Noel Biderman has suggested the security breach may be the work of someone who once had legitimate inside access to the company’s networks.
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
Bounty Offered to Catch Ashley Madison Hackers
AshleyMadison.com recently put up a half million dollar bounty for information leading to the arrest of the Impact Team, according to KrebsOnSecurity. The bounty came at an August 15 press conference by police in Toronto, Canada – where AshleyMadison is based. At the news conference, Toronto Police Staff Superintendant Bryce Evans detailed events in “Project Unicorn,” the code name officials have assigned to the investigation into the hacking.
“The ripple effect of the impact team’s actions has and will continue to have a long term social and economic impacts, and they have already sparked spin-offs of crimes and further victimization,” Evans said. “As of this morning, we have two unconfirmed reports of suicides that are associated [with] the leak of AshleyMadison customer profiles.”
Compromising Data on 15,000 Military Personnel Leaked
A quick review by CNNMoney identified 6,904 e-mail addresses from American and Canadian governments, in addition to another 7,239 in the U.S. Army, 3,531 in the Navy, 1,114 Marines and 628 in the Air Force. Adultery is a violation of the Uniform Code of Military Justice, which can be prosecuted and result in up to 1 year in prison and a dishonorable discharge.
LGBT Communities at Risk After Ashley Madison Hack
Gay people from around the world were members of the Ashley Madison cheating website, including 79 countries where homosexuality is illegal. In Afghanistan, Iran, Mauritania, Nigeria, Qatar, Saudi Arabia and the United Arab Emirates (UAE), the punishment is death.
Sky News Technology Correspondent Tom Cheshire said one Reddit user based in Saudi Arabia even fled the country after his information was leaked.
“Ashley Madison was sold as a way to get casual hook-ups for cheating spouses, but some users in the Middle East say they used it as a discreet way of having meetings with homosexual men who didn’t want to be identified,” Cheshire said. “There are 1,200 email addresses with the Saudi Arabia suffix where homosexuals face the death penalty.”
Hackers Post Stolen Ashley Madison Data: Wired News Video
What Information was Leaked?
The hack includes current and former Ashley Madison customer names, credit card information, physical addresses and sexual preferences. The database lists clients’ fantasies, ranging from master/slave relationships to cross dressing and exhibitionism. Some users were smart enough to use fake names; however, financial data is legitimate and can be traced, making it easy to hunt someone down.
Data Dump Leads to Suicide, Extortion Attempts
Within days of the data being posted online, people linked to exposed Ashley Madison accounts were facing extortion at the risk of being outed to family members and colleagues, according to the Chicago Tribune. Victims of the data dump are at risk for identity theft, extortion scams and even loss of their lives. To date, at least 3 suicides (one in the U.S., 2 in Canada) have been linked to the Ashley Madison hack.
How the Ashley Madison Hack Could Affect You – Even if You’re Not on the List
The Ashley Madison hacking controversy should concern you whether you were a member of the site or not, according to the Huffington Post. Millions of email and physical addresses, credit cards and other sensitive information are contained in the data dump.
Since it’s possible for someone to sign up for an Ashley Madison account using fake credentials, if your email address was used it could by possible that you are a victim without knowing it. Furthermore, home addresses and other personal information which is apt to change hands could put innocent people at risk for being targeted by identity thieves and scammers.
The Fine Print
Ashley Madison has an extensive “Terms of Service” contract most users never bother to read. However, if you take time to look at the fine print, you’re sure to spot some glaring inconsistencies.
- There’s no guarantee that ALM can protect your personal information. Although Ashley Madison claims to be 100% discreet, “You acknowledge that although we strive to maintain the necessary safeguards to protect your personal data, we cannot ensure the security or privacy of information you provide through the Internet and your email messages.”
- There’s little recourse if your data is stolen, shared or published online. “Limits on Liability. You agree that we will not be liable for any damages whatsoever… including… disclosure of… unauthorized access to … your content.”
ALM Facing $760M Class Action Lawsuit in Canada
On August 20, two law firms filed a class action lawsuit on behalf of Canadians whose personal information was breached in the Ashley Madison hacking scandal, according to TIME. The Toronto-based Avid Dating Life and Avid Life Media are named in the complaint.
The Plaintiff is Eliot Shore, who claims he joined Ashley Madison after the death of his wife. Shore said his membership did not result in any meetings with other members and that he never cheated on his wife. The class action joins another filed last month in Missouri, which was filed by an anonymous “Jane Doe” who alleges she paid a $19 fee to have her personal information deleted, which was unsuccessful.
Leaked Data Reveals 11 Million Ashley Madison Passwords
As if having your private information exposed by hackers wasn’t enough, now a group of decoding hobbyists known as CynoSure Prime have found mistakes in the way the Ashley Madison website was encrypted and decoded roughly 11 million user passwords. The group’s findings, which were first published in the technology news and information website ArsTechnica, revealed that Ashley Madison had made 2 serious mistakes when it encrypted about 15 million passwords: 1) it converted them all to lowercase letters, and 2) it ran a weak encryption algorithm on the passwords.
These blunders made the passwords about a million times faster for decoders like CynoSure Prime to crack. According to CNNMoney, the top 5 Ashley Madison passwords are:
Former Ashley Madison Employee Claims She Made Hundreds of Fake Female Profiles
A former employee of the Ashley Madison cheating website claims she was asked to create hundreds of fake “alluring female” profiles in order to attract male subscribers, according to The Independent. Doriana Silva, a Brazilian immigrant living in Toronto, says she was hired by Avid Life Media to help launch a Portuguese-language version of AshleyMadison.com and promised a starting salary of $34,000 plus benefits.
Silva claims she was asked to create 1,000 fake female profiles meant to lure men to the new site, and given only 3 weeks to complete the task. Creating the profiles “required an enormous amount of keyboarding,” and she developed severe pain in her wrists and forearms, according to a 2012 lawsuit filed by Silva.
The pain made it impossible for her to do her job and she has been unable to work since 2011, the document reads, adding she “remains seriously disabled in many if not all aspects of her life.” Silva is seeking $20 million from for what she calls “unjust enrichment” at her expense, plus another $1 million in punitive and general damages.